What SAP IdM Consultant does

Hi Consos...

I would like to know what are different jobs a sap idm conso does..his daily routine works if any..

i had attended sap idm training some time back and want to work on this but b4 that would like to know what they do..

Regards,

SAP Managed Tags:
SAP Identity Management

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (0)

Answers (2)

thank you Mr Matt..

would like to know how often configuring of workflow take place....

I thought it was a one time job..

Could you pls share some light on this..

rgdz kk

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

The fact is you'll probably be asked to add connectivity to new systems. Additionally you will configure workflows to account for changes in how the customer will want to set up their provisioning. Usually in adding approvals and notifications.

You'll also need to consider the tasks in upgrading to new service packs and versions.

Finally there are additional Provisioning Frameworks that are released from time to time. Some that I can think of include Lotus Notes, Microsoft Exchange, SAP GRC, SAP Datawarehouse.

Oh one other thing, the REST API could be another significant reason to keep up on your Java skills!

Matt

Matt and Chris, In connection with this query, i would like to clear my doubt.

I would like to know if the SAP Security/GRC consultant can handle the new IDM system or we need a designated SAP IDM Consultant for IDM administration. We are planning SAP/any vendor to implement the complete IDM with all the interface integration. And SAP security to get cross trained in this product for later providing support. Is this feasible or expert NW IDM admin skill is still required to support IDM system post implementation.

Ah, that's a different question entirely! But a very easy one to answer as Chris is from SAP and I am from a consulting firm.

When I do an implementation, one of my primary goals is to transfer knowledge about what I am doing. Typically I work with a person from the BASIS or security team who will be the core of the IDM administration team. This person is also usually my key contact with the group that is helping to define the overall IDM program. As far as eventual support plans go, I would recommend that at least one person go to SAP's official IDM training to provide a good foundation for what your IDM consultant will show them. If at all possible, this person should work closely with the consultant

So I would agree with your overall implementation plan and think it is the way to go.

Thanks Matt. This was our plan as you have defined. But the responsibilities defined for IDM Admin in this thread put me in doubt as the person need some expertise in development.

I want to clear my doubt which I have from beginning, how we can know whether the internal applications can be integrated with IDM or not. I know connector has to be developed for all the non standard applications, but how to know beforehand whether we will be able to integrate our existing applications with IDM.

We need to be sure with it before we take the decision to implement NW IDM as the integration with non standard applications will make the case strong for IDM requirement for our company.

Will appreciate your expert comments.

Sameer,

IDM is designed to be fairly open. If an application can be reached by LDAP, JDBC, ODBC, or Flat (ASCII) file, you'll have no problems. Other applications that require an API can be accessed using to/from custom passes or you can always use the to Generic pass type for calling outside executables, scripts or power-shell. Also the VDS is available to act as a proxy for SPML and other web services.

My suggestion would be to make this clear in your interview process and ask for some high level thoughts as you talk to the candidates/consultants.

For your project plan make sure that you have dedicated time to perform discovery and design for the connectors including time to prototype the connector to make sure that it works as expected.

Matt

It looks as I have hijacked this thread .

Matt, we planned that we Security/GRC team to get trained in IDM to get working knowledge about the tool and assist the implementation team during the project. And not too hire any experienced IDM as of now.

Now I am worried about the development part to link IDM with our internal applications. I wish to know if we involve our developers during the project, would they be able to perform this task. Else, does SAP or vendor cover this part of integration during the standard IDM implementation.

Thanks again for your valuable advises.

No worries. I've found that during the course of implementation the people working with the implementation team get a good working knowledge of IDM.

Like I said before, I recommend that whoever works with the implementation team takes classroom training in advance. You'll know enough by the time the implementers leave to to handle most modifications that you'll need to do.

Where is your project located?

Matt

Thanks again Matt. This project is located in Middle east region.

Matt and Chris, as I put earlier, do you cover the non standard applications integration with IDM as part of standard implementation or leave it to company to do their integration or help them to integrate with their existing applications.

Sameer,

Thanks, always curious where people are deploying IDM.

By non-standard, I'm assuming you're referring to non-SAP. As long as they can be reached by LDAP or ODBC, my answer is yes, it should be supported by the consulting firm as a part of standard implementation. I usually do not count Java based connectors as part of SAP IDM standard implementation.

Note that for some VDS work (non HCM, non GRC) Java based customization is standard.

In either case, a thorough listing and discussion of ALL applications to be integrated in the implementation should be conducted between your team and the implementers before starting any work.

Hope this clears things up.

Hi Krishna,

We configure Identity Management systems, blueprint projects, support project implementation, document procedures, customize IdM, single sign-on, educate clients, and do anything else a client would like for us to do that falls into our skillset. Sometimes this might be helping out with security, customizing interfaces, or anything else regarding security and Identity Managment.

Hope that answers your question.

- Chris

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

thanks for the view..but if u can jot down some points regarding whats being done technical..like config prov frameworks, VDS, checking job logs..etx..thanks again

rgdz kk

Here are the technical aspects that a consultant might be expected to perform

1. Set up provisioning framework

2. Modify provisioning framework for custom requirements.

3. Perform transports (export/import)

4. Set up VDS

5. Build custom connectors through VDS or directly through MMC

6. Deep knowledge of javascripting for workflows and provisioning

7. Deep knowledge of SQL scripting is needed.

8. Understand basics of SQL Server, Oracle, and with next service pack - DB2.

9. Build repositories and troubleshoot connection problems.

10. Build complex workflows

11. Modify ABAP BAPIs for custom integrations into ABAP.

12. Some knowledge of encryption algorithms when dealing with encrypted transport layer or encrypted data.

13. Active directory knowledge for integration to AD

The list could go on and on, but these are the main points that jump out.

Thanks Chris.

Hmmm....gonna throw in my 2 cents, but I think your list is pretty much spot on.

For VDS, you'll also need Java for customization.

Based on Chris' comment above, you can't forget the VDS frameworks either!

Also for VDS/IDM General LDAP (Which is somewhat different from AD) knowledge is needed

It's kind of obvious, but you need to really deeply understand IDM itself. All of the workflows, pass types, operators and methods of interfacing with applications. This is not the same product it was a year ago.

Consultants will also have good SAP knowledge in the following areas:

HCM

GRC

Frequently you'll need to configure connectivity between these applications. (I'm calling this out since some IDM consultants are not as knowledgeable in all modules)

Probably missing a couple of things as well, but just some thoughts...

Matt

Ask a Question

Top Q&A Solution Author

User

Count